Analysis
max time kernel: 118s
max time network: 120s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted: 14-05-2024 20:30
Behavioral task: behavioral1
Sample: 37c3d688f53df970cb00150b0534e814e04bcb2070918822c6d35bfbb6f8d91a.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 37c3d688f53df970cb00150b0534e814e04bcb2070918822c6d35bfbb6f8d91a.exe
Resource: win10v2004-20240426-en
General
Target: 37c3d688f53df970cb00150b0534e814e04bcb2070918822c6d35bfbb6f8d91a.exe
Size: 2.0MB
MD5: 696e3781b1dafc2ec3f76711ea2d4fc8
SHA1: 2d6642888bf9d71791a1846e8547ffef3c88215f
SHA256: 37c3d688f53df970cb00150b0534e814e04bcb2070918822c6d35bfbb6f8d91a
SHA512: d6822276f835ec0930ddf9b473bf3ec1c0072d6832281eba721a1e80694733bcf9bfffe085e91e95a9c6aed4fc12ddf47fd1491b2e41eaebc94fad8b89c77eab
SSDEEP: 49152:TrYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:TdxVJC9UqRzsu+8N
Malware Config
Signatures
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Processes:
resource: behavioral1/memory/1700-1-0x0000000000F20000-0x000000000112A000-memory.dmp
yara_rule: dcrat
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
37c3d688f53df970cb00150b0534e814e04bcb2070918822c6d35bfbb6f8d91a.exe
description: Token: SeDebugPrivilege
pid: 1700
process: 37c3d688f53df970cb00150b0534e814e04bcb2070918822c6d35bfbb6f8d91a.exe